Quantitative Evaluation Approach for Real-time Risk Based on Attack Event Correlating
Abstract: Real-time alarms from an Intrusion Detection System (IDS) are correlated with one another. Exploiting this, the paper dynamically correlates and analyzes the alarm events raised within a given time interval and, on that basis, proposes a real-time risk evaluation approach. First, an attack success probability algorithm is proposed that accounts for the influence of security-measure strength and node vulnerabilities on the outcome of an attack. Second, an attack threat degree algorithm is proposed that better distinguishes the threat posed by a continuous multi-step correlated attack from that of multiple isolated attacks occurring separately. Finally, the risk situation value of the whole system is computed as the weighted sum of each node's risk situation value, yielding a real-time risk situation curve for the system. To verify the method's validity, an attack testing platform was built. Experiments show that the method is sound and effective, improves the accuracy of evaluation results, and gives security administrators an important basis for promptly improving their security strategy.